[Buildroot] [PATCH 1/1] package/squid: security bump to version 4.11
peter at korsgaard.com
Sun May 10 19:31:05 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> Fix CVE-2020-11945: An issue was discovered in Squid before 5.0.2. A
> remote attacker can replay a sniffed Digest Authentication nonce to gain
> access to resources that are otherwise forbidden. This occurs because
> the attacker can overflow the nonce reference counter (a short integer).
> Remote code execution may occur if the pooled token credentials are
> freed (instead of replayed as valid credentials).
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2020.02.x, thanks.
Bye, Peter Korsgaard
More information about the buildroot